
Unpatched Firefox flaw may expose users


A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity: Critical

Vendor: Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
